I'm stuck with a problem: I set up a P2P OpenVPN connection between two sites. I added the VPN TAP interfaces into a bridge on either side.
Client side:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000db9262f8d       no              vpntap0
                                                        eth1
                                                        eth2
Server side:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000db92d05d6       no              vpntap0
                                                        eth2
The interface eth2 on the server side is an untagged VLAN connected to a dedicated server.
Now, when I add an IP address to each gateway (server and client side) they can ping each other. But from the client side I cannot reach the dedicated server machine (it seems).
When I ping from the dedicated server machine I can reach the server's gateway, but not the client gateway. But the packets seem to go somewhere. When I clear the IP of the client's gateway, ping complains:
From 172.16.77.9 icmp_seq=488 Destination Host Unreachable
But when the client's gateway has an IP it's silent; the packet just doesn't return.
Client VPN Config:
remote myremotesite.tld
port 1195
proto udp
dev vpntap0
dev-type tap
secret /etc/openvpn/static.key
script-security 2
up /etc/openvpn/br-up.sh
#comp-lzo no
#cipher AES-256-CBC
Server VPN Config:
port 1195
proto udp
dev vpntap0
dev-type tap
secret /etc/openvpn/static.key
script-security 2
up /etc/openvpn/br-up.sh
#comp-lzo no
#cipher AES-256-CBC
Script br-up.sh (both sides):
#! /bin/bash
# Put the TAP device into promiscuous mode so it accepts frames for any MAC
ifconfig vpntap0 promisc
# Bring it up without an address of its own; the bridge carries the IP
ifconfig vpntap0 up 0.0.0.0
# Attach the TAP device to the existing bridge
brctl addif br0 vpntap0
Firewall on the client side gateway is completely open.
To the firewall on the server side I added
iptables -I INPUT -i eth2 -j ACCEPT
iptables -I INPUT -i vpntap0 -j ACCEPT
iptables -I INPUT -i br0 -j ACCEPT
iptables -I OUTPUT -o eth2 -j ACCEPT
iptables -I OUTPUT -o vpntap0 -j ACCEPT
iptables -I OUTPUT -o br0 -j ACCEPT
... just to make sure.
MTU is also set to 1500 on all interfaces.
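As an added example (not the poster's code), here is a small audit script that reads the kind of output shown in the question (`brctl show`, the iptables commands) and flags the things to check first in a bridged TAP setup: that the TAP device is actually a bridge member, that the bridge has something to bridge to, and that bridged IPv4 frames are not being filtered by the iptables FORWARD chain. The last point matters because when the br_netfilter hook is active (`net.bridge.bridge-nf-call-iptables = 1`), frames forwarded between bridge members traverse iptables FORWARD, and the rules in the question only touch INPUT and OUTPUT. The bridge and interface names, the sysctl value, and the copied command output are constructed inputs for the example.

```python
"""Audit a bridged OpenVPN TAP setup from captured command output.

Added example, not the original poster's code. The `brctl show` text and the
iptables commands mirror the question; the sysctl line is constructed.
"""
import re

# Constructed: server-side `brctl show` output with extra bridge members on
# indented continuation lines, as brctl prints them.
BRCTL_SHOW = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
br0\t\t8000.000db92d05d6\tno\t\tvpntap0
\t\t\t\t\t\t\teth2
"""

# The server-side iptables commands from the question (INPUT/OUTPUT only).
IPTABLES_CMDS = [
    "iptables -I INPUT -i eth2 -j ACCEPT",
    "iptables -I INPUT -i vpntap0 -j ACCEPT",
    "iptables -I INPUT -i br0 -j ACCEPT",
    "iptables -I OUTPUT -o eth2 -j ACCEPT",
    "iptables -I OUTPUT -o vpntap0 -j ACCEPT",
    "iptables -I OUTPUT -o br0 -j ACCEPT",
]

# Constructed: output of `sysctl net.bridge.bridge-nf-call-iptables`.
SYSCTL_BRNF = "net.bridge.bridge-nf-call-iptables = 1"

# Matches the `iptables -I/-A <chain> -i|-o <iface> -j <target>` form used above.
RULE_RE = re.compile(r"iptables\s+-[IA]\s+(\w+)\s+(?:-i|-o)\s+(\S+)\s+-j\s+(\w+)")


def parse_brctl(text):
    """Map bridge name -> list of member interfaces.

    brctl prints the first member on the bridge's own line and every further
    member on its own whitespace-indented line, so continuation lines are
    appended to the most recent bridge.
    """
    bridges = {}
    current = None
    for line in text.splitlines()[1:]:  # skip the header row
        if not line.strip():
            continue
        if not line[0].isspace():
            parts = line.split()
            current = parts[0]
            bridges[current] = parts[3:]  # members follow name, id, STP flag
        elif current is not None:
            bridges[current].extend(line.split())
    return bridges


def parse_rules(cmds):
    """Extract (chain, interface, target) from simple iptables commands."""
    rules = []
    for cmd in cmds:
        m = RULE_RE.search(cmd)
        if m:
            rules.append({"chain": m.group(1), "iface": m.group(2), "target": m.group(3)})
    return rules


def audit(bridges, rules, sysctl_line, bridge="br0", tap="vpntap0"):
    """Return a list of findings (empty list means nothing obvious is wrong)."""
    findings = []
    members = bridges.get(bridge, [])
    if tap not in members:
        findings.append(f"{tap} is not a member of {bridge}; check that the up script ran")
    if len(members) < 2:
        findings.append(f"{bridge} has fewer than two members, so there is nothing to bridge to")
    nf_call = sysctl_line.split("=")[-1].strip() == "1"
    chains = {r["chain"] for r in rules}
    if nf_call and "FORWARD" not in chains:
        findings.append(
            "bridge-nf-call-iptables=1 but no FORWARD rules: frames bridged between "
            f"{bridge} members pass through iptables FORWARD, so a DROP policy there "
            "silently discards them; check `iptables -L FORWARD -v -n`"
        )
    return findings


def run_audit():
    """Run the audit over the constructed inputs above."""
    return audit(parse_brctl(BRCTL_SHOW), parse_rules(IPTABLES_CMDS), SYSCTL_BRNF)


if __name__ == "__main__":
    for finding in run_audit() or ["no findings"]:
        print(finding)
```

On a live host the three inputs would come from `brctl show`, `iptables-save` and `sysctl net.bridge.bridge-nf-call-iptables` respectively; the parsers are deliberately narrow so that anything they cannot read is ignored rather than misreported.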